Splunk® App for PCI Compliance

Installation and Configuration Manual

Understand the Splunk App for PCI Compliance

You can add data from the PCI cardholder data environment (CDE) using add-ons installed on Splunk forwarders. The forwarders send data to the indexers. After the data arrives at the indexers, the indexers perform custom categorization and field extractions and store the data. The Splunk App for PCI Compliance installed on a search head searches the indexed data and returns results, populating dashboards and providing administrators with an overview of their CDE.

  • The Splunk App for PCI Compliance (for Splunk Enterprise) includes the domain add-on (DA-ESS-PCICompliance) and supporting add-ons (SA-*) and technology add-ons (TA-*) that make up the Enterprise Security framework.
  • The Splunk App for PCI Compliance (for Splunk Enterprise Security) includes only the DA-ESS-PCICompliance domain add-on.

Several lookup files included in the add-ons that make up the Splunk App for PCI Compliance or the Enterprise Security framework are necessary for configuring the Splunk App for PCI Compliance.

| Name | File Location | Description |
|---|---|---|
| PCI Views | Splunk_DA-ESS_PCICompliance/lookups/pci_views.csv | List of reports and mapping to main PCI DSS requirement. |
| Expected Views | SA-AuditAndDataProtection/lookups/expected_views.csv | Views that are tracked for auditing. |
| Prohibited Traffic | SA-NetworkProtection/lookups/prohibited_traffic.csv | Traffic that generates notable events when detected. |
| Identities | SA-IdentityManagement/lookups/identities.csv | List of identities used for identity correlation. |
| Assets | SA-IdentityManagement/lookups/assets.csv | List of assets used for asset correlation. |
| Categories List | SA-IdentityManagement/lookups/categories.csv | Categories that apply to assets and identities. |
| PCI Domains List | SA-IdentityManagement/lookups/pci_domains.csv | List of PCI domain labels. |
| Urgency Matrix | SA-ThreatIntelligence/lookups/urgency.csv | List of defined urgency levels. |
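An added example (not Splunk's own code) that audits the lookup files listed above before configuration: it reports each file as present and well-formed, missing, empty, or malformed. It assumes the standard $SPLUNK_HOME/etc/apps layout and that each lookup is a CSV whose first row is the header, as Splunk CSV lookups require.

```python
import csv
import os

# Lookup files the manual lists as necessary, with paths relative to
# $SPLUNK_HOME/etc/apps (assumption: standard app install layout).
REQUIRED_LOOKUPS = {
    "PCI Views": "Splunk_DA-ESS_PCICompliance/lookups/pci_views.csv",
    "Expected Views": "SA-AuditAndDataProtection/lookups/expected_views.csv",
    "Prohibited Traffic": "SA-NetworkProtection/lookups/prohibited_traffic.csv",
    "Identities": "SA-IdentityManagement/lookups/identities.csv",
    "Assets": "SA-IdentityManagement/lookups/assets.csv",
    "Categories List": "SA-IdentityManagement/lookups/categories.csv",
    "PCI Domains List": "SA-IdentityManagement/lookups/pci_domains.csv",
    "Urgency Matrix": "SA-ThreatIntelligence/lookups/urgency.csv",
}


def check_lookup(path):
    """Return (status, detail) for one lookup CSV.

    status is "ok", "missing", "empty" or "malformed". A Splunk CSV lookup
    needs a header row, and every data row must have as many fields as
    the header, otherwise lookup definitions that reference it misbehave.
    """
    if not os.path.isfile(path):
        return "missing", path
    with open(path, newline="", encoding="utf-8") as fh:
        rows = list(csv.reader(fh))
    if not rows or not any(cell.strip() for cell in rows[0]):
        return "empty", "no header row"
    width = len(rows[0])
    for lineno, row in enumerate(rows[1:], start=2):
        if row and len(row) != width:  # blank lines are skipped
            return "malformed", f"line {lineno}: {len(row)} fields, header has {width}"
    return "ok", f"{len(rows) - 1} data rows, {width} columns"


def audit_lookups(apps_dir, required=REQUIRED_LOOKUPS):
    """Check every required lookup under apps_dir; return {name: (status, detail)}."""
    return {name: check_lookup(os.path.join(apps_dir, rel))
            for name, rel in required.items()}


if __name__ == "__main__":
    import sys
    apps = sys.argv[1] if len(sys.argv) > 1 else "/opt/splunk/etc/apps"
    for name, (status, detail) in audit_lookups(apps).items():
        print(f"{status:9} {name}: {detail}")
```

Run it on the search head's apps directory; anything other than "ok" should be resolved before the app is configured.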

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2
